|
Package gb_vbs_tables
This package provides the Common Business interface for the Value Based Security Tables API, gb_vbs_tables.
GORFDPL: (FGAC VBS Table Rules) VBS Table Rules define the driver (master) table and additional associated tables for each domain (business function area) defined in the FGAC Domain Validation table (GTVFDMN).
The associated tables are linked to the main driver table by specifying an appropriate SQL statement. VBS Table Rules may be set up in advance and enabled with the Active Indicator. When a Table Rule is made active (Active indicator is 'Y') or inactive (Active indicator is 'N'), the DBMS_RLS set context function will enable or disable the policies in that domain.
After VBS Table Rules have been created, the policies must be added to the database with gorfdpl.sql. This script creates the respective "_SEL" (select), "_INS" (insert), "_UPD" (update) and "_DEL" (delete) records in dba_policies.
While only one policy may exist per table, each table may belong to multiple VBS domains.
FGAC VBS processing is centralized in the GOKFGAC package by appending the FGAC Group Rule predicate(s) for a domain (GORFPRD) to the driver SQL (if specified) for each VBS Table Rule (GORFDPL). The benefit of this approach to securing data access and manipulation to authorized users only is that it is completely table-driven.
|
M_ENTITY_NAME
M_ENTITY_NAME CONSTANT VARCHAR2(13) := 'VBS_TABLES';
Business Entity name.
vbs_tables_rec
TYPE vbs_tables_rec IS RECORD (
r_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
r_table_name gorfdpl.gorfdpl_table_name%TYPE,
r_sys_req_ind gorfdpl.gorfdpl_sys_req_ind%TYPE,
r_active_ind gorfdpl.gorfdpl_active_ind%TYPE,
r_user_id gorfdpl.gorfdpl_user_id%TYPE,
r_driver_sql gorfdpl.gorfdpl_driver_sql%TYPE,
r_internal_record_id gb_common.internal_record_id_type);
Entity record type.
vbs_tables_ref
TYPE vbs_tables_ref IS REF CURSOR RETURN vbs_tables_rec;
Entity cursor variable type.
vbs_tables_tab
TYPE vbs_tables_tab IS TABLE OF vbs_tables_rec INDEX BY BINARY_INTEGER;
Entity table type.
f_api_version
FUNCTION f_api_version RETURN PLS_INTEGER
Returns the API version number.
|
|
Version of the API signature. Changes only when the signature changes.
|
f_exists
FUNCTION f_exists(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_rowid VARCHAR2 DEFAULT NULL) RETURN VARCHAR2
Checks to see if a record exists.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
f_exists
FUNCTION f_exists(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_sys_req_ind gorfdpl.gorfdpl_sys_req_ind%TYPE,
p_active_ind gorfdpl.gorfdpl_active_ind%TYPE,
p_user_id gorfdpl.gorfdpl_user_id%TYPE DEFAULT gb_common.f_sct_user,
p_driver_sql gorfdpl.gorfdpl_driver_sql%TYPE DEFAULT NULL,
p_rowid VARCHAR2 DEFAULT NULL) RETURN VARCHAR2
Checks to see if a record exists but the Active indicator has been changed.
Used in p_update.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
p_sys_req_ind
|
Indicates whether or not this domain is system required. Required.
|
|
|
p_active_ind
|
Indicates whether or not this domain is active. Required.
|
|
|
p_user_id
|
The Oracle ID of the user who created or last updated the record. Required.
|
|
|
p_driver_sql
|
SQL statement that links the table to the FDMN driver table. Required.
|
|
|
p_rowid
|
Database ROWID of the record to be updated. Optional.
|
f_sys_req
FUNCTION f_sys_req(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_rowid VARCHAR2 DEFAULT NULL) RETURN VARCHAR2
Checks to see if a record is system required.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
f_isequal
FUNCTION f_isequal(rec_one vbs_tables_rec,
rec_two vbs_tables_rec) RETURN VARCHAR2
Compares two records for equality.
Tests each field of rec_one against the corresponding field of rec_two. Two null values are considered equal.
|
|
Y if all values in the records are equal, otherwise N. Nulls match Nulls.
|
f_query_all
FUNCTION f_query_all(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE)
RETURN vbs_tables_ref
Selects all records for the entity.
This query uses all the key values to locate a record.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
A cursor variable that will fetch the set of records.
|
f_query_one
FUNCTION f_query_one(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE)
RETURN vbs_tables_ref
Selects one record using the key.
Always returns the current record for the domain, table_name.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
A cursor variable that will fetch exactly one record.
|
f_query_by_rowid
FUNCTION f_query_by_rowid(p_rowid VARCHAR2) RETURN vbs_tables_ref
Selects one record using the ROWID.
|
|
p_rowid
|
Database ROWID of the record to be selected.
|
|
|
A cursor variable that will fetch exactly one record.
|
f_query_one_lock
FUNCTION f_query_one_lock(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_rowid VARCHAR2 DEFAULT NULL)
RETURN vbs_tables_ref
Selects one record and locks it.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
p_rowid
|
Database ROWID of the record to be selected. Optional.
|
|
|
A cursor variable for one record, locking the record.
|
p_create
PROCEDURE p_create(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_sys_req_ind gorfdpl.gorfdpl_sys_req_ind%TYPE DEFAULT 'N',
p_active_ind gorfdpl.gorfdpl_active_ind%TYPE DEFAULT 'N',
p_user_id gorfdpl.gorfdpl_user_id%TYPE DEFAULT gb_common.f_sct_user,
p_driver_sql gorfdpl.gorfdpl_driver_sql%TYPE DEFAULT NULL,
p_rowid_out OUT VARCHAR2)
Creates a record.
Identifies the driver table associated with each of the various domains.
Activates the domain (by changing the Active indicator from 'N' to 'Y') and associates a driver SQL statement with that table.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
p_sys_req_ind
|
Indicates whether or not this domain is system required. Required.
|
|
|
p_active_ind
|
Indicates whether or not this domain is active. Required.
|
|
|
p_user_id
|
The Oracle ID of the user who created or last updated the record. Optional.
|
|
|
p_driver_sql
|
SQL statement that links the table to the FDMN driver table. Optional.
|
|
|
p_rowid_out
|
Database ROWID of the record that was created. Optional.
|
p_delete
PROCEDURE p_delete(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_rowid VARCHAR2 DEFAULT NULL)
Deletes a record.
Record must exist to be deleted and must not be system required.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
p_rowid
|
Database ROWID of the record to be deleted. Optional.
|
p_lock
PROCEDURE p_lock(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_rowid_inout IN OUT VARCHAR2)
Locks a record.
If ROWID is not passed in, the record is located using the key values.
The ROWID of the locked row is passed back as p_rowid_inout
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
p_rowid_inout
|
Database ROWID of the record to be locked. Required.
|
p_update
PROCEDURE p_update(p_fdmn_code gorfdpl.gorfdpl_fdmn_code%TYPE,
p_table_name gorfdpl.gorfdpl_table_name%TYPE,
p_sys_req_ind gorfdpl.gorfdpl_sys_req_ind%TYPE DEFAULT dml_common.f_unspecified_string,
p_active_ind gorfdpl.gorfdpl_active_ind%TYPE DEFAULT dml_common.f_unspecified_string,
p_user_id gorfdpl.gorfdpl_user_id%TYPE DEFAULT gb_common.f_sct_user,
p_driver_sql gorfdpl.gorfdpl_driver_sql%TYPE DEFAULT dml_common.f_unspecified_string,
p_rowid VARCHAR2 DEFAULT NULL)
Updates a record.
Elements with the sys_req_ind of 'Y' (yes) have been delivered by Sungard SCT and should not be changed. The Active indicator, driver SQL statement and User ID may be updated. The System Required indicator may be updated from 'N' to 'Y'.
|
|
p_fdmn_code
|
FGAC Domain code. Required.
|
|
|
p_table_name
|
Table name that the policy covers. Required.
|
|
|
p_sys_req_ind
|
Indicates whether or not this domain is system required. Optional.
|
|
|
p_active_ind
|
Indicates whether or not this domain is active. Optional.
|
|
|
p_user_id
|
The Oracle ID of the user who created or last updated the record. Optional.
|
|
|
p_driver_sql
|
SQL statement that links the table to the FDMN driver table. Optional.
|
|
|
p_rowid
|
Database ROWID of the record to be updated. Optional.
|